VoteTrustUSA: Gaping Hole in HAVA Voting System Standards Widened in 2005

Gaping Hole in HAVA Voting System Standards Widened in 2005

By Howard Stanislevic, VoteTrustUSA E-Voting Education Project

May 21, 2006

What's all this talk about banned interpreted code, high hardware failure rates, Hursti hacks, RABA revelations, and typos in our Voting System Standards?

Critics of electronic voting may want to take a break from their hacking chores, remove their white hats, kick back with a cup of java and read the current version of the EAC's Voting System Standards/Guidelines (VSS/G) just one more time to see what's really been going on since HAVA became the law of the land. If they do so, they'll find that not only does the current (2002) VSS/G adopted under Section 222 (e) of the Help America Vote Act:

- allow an unacceptably high failure rate of one in every 11 electronic voting systems in the country on every Election Day;

- not require any means of independent verification of voting system tallies such as a voter-verified paper audit trail (VVPAT);

- exempt from inspection any commercial off-the-shelf software used in e-voting systems (such as Microsoft's operating systems and Access database);

but it also contains a loophole big enough to shove a lever machine through.

According to Volume II, Appendix B.5, Qualification Test Results and Recommendation,

"ny uncorrected deficiency that does not involve the loss or corruption of voting data shall not necessarily be cause for rejection. Deficiencies of this type may include failure to fully achieve the levels of performance specified in Volume I, Sections 3 and 4 of the Standards , or failure to fully implement formal programs for qualify assurance and configuration management described in Volume I, Sections 7 and 8."

In other words, vendors don't even have to meet the standards in the VSS/G if the testing authority labs (which they fund) or the EAC says they don't have to. So much for banning things such as interpreted code or trying to achieve an acceptable hardware failure rate or improved e-voting security. If the EAC gives a vendor a pass, there are almost no voting system hardware or software performance requirements that actually have to be met. Nearly all are subject to re-interpretation by the EAC.

(And yes, the authors of the above loophole spelled the word quality incorrectly too – you can’t make this stuff up!)

snip

On second thought, maybe the authors of the 2002 loophole really did mean, “qualify assurance.” After all, qualification of almost any system can be assured via this loophole.

http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1299&Itemid=26

Isn't the operating system part of the vote counting system?


I am an activist, and not an IT person, but it sounds like to me that Windows CE
is a system meant to be built upon, and alot happens there:



The question is: what software has the means and opportunity to change the contents of vote data? Operating system software, device drivers, application software (like GEMS or the code running on Diebolds in-precint voting machines) all have the means to affect the contents
of vote data.



And isn't this how the "patch" was applied in Georgia?



This same info here:

http://www.ncvoter.net/dieboldcode.html

Other fun with Diebold in NC here:
http://www.ncvoter.net/dieboldnews.html

And indicates that the EAC is not doing much to protect our votes. I wonder if they even care?

Well, now that the Hursti hack has landed in the higher media, won't the EAC have to deal with that soon? What can we do to make sure EAC has to deal with it soon?

Yep, got one myself from a friend who worked for them. Same for EAC. Did you read this, it's hotter than your blood... http://www.scoop.co.nz/stories/HL0604/S00233.htm Spread it around. Lehto and I are off the "A" list for this one. It is the UNVARNISHED TRUTH about HAVA and the plan to cramdown DREs everywhere.

The best chance we have for 2006 is for a major DEM to hoot and hollar about this nonsense and threaten the vendors etc. with massive demoncstrations if they screw up 2006. Of course, this will mitigate not prevent screwed up elections. So we'll have demonstrations anyway.

Just look at it this way, "It's all whatever..."

Ya know, admiral, when private communications are being listened too, code words are used, or misleading statements are issued.

But you are so right, when we finally get a major Dem to hoot and hollar about this crap, the sun will rise over the wasteland of burned elections and something new will be able to grow. This time we'll be around to keep the damn weeds from overtaking the field, eh?

Amended to say: where'd all the newbies go?

My adopted state, Virginia, also produced
a few admirals...here's John Paul Jones.
"Don't tread on us!" to modify a phrase.

It will happen, the hooting and hollering. We just have to make sure we don't get co-opted.

It's not about "integrity" ... that's an IT or engineering term, lifeless. It's about a passion
to fight FRAUD. Stop the thievery or we'll have John Paul visit your shoreline and lay a few in
there;)

Republican government. How on God's green Earth (or, this place) are they going to win again?

We know how.

I can't believe there is no coordinated plan to reform the EAC. Or is there a plan but I've never heard about it?

when in a situation where we can't say a violation of the law
has occurred, that leaves the power of the pen
to push for change.

Thanks to Howard for writing this up, and
please keep writing about the "standards" and
the folks who are setting them.

Beware any federal program, like
Leave No Child Behind,
Clean Skies, etc
and beware
HAVA.

Billions of $ spent and then oops forgot to set some meaningful
standards!




HAVA